From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Sat, 7 Jul 2012 21:41:24 -0400 From: Theodore Ts'o To: Ben Hutchings Cc: Linux Kernel Developers List , ewust@umich.edu, zakir@umich.edu, nadiah@cs.ucsd.edu, jhalderm@umich.edu, stable@vger.kernel.org Subject: Re: [PATCH 07/12] random: use the arch-specific rng in xfer_secondary_pool Message-ID: <20120708014124.GA3809@thunk.org> References: <1341614704-24965-1-git-send-email-tytso@mit.edu> <1341614704-24965-8-git-send-email-tytso@mit.edu> <1341709606.25597.182.camel@deadeye.wl.decadent.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1341709606.25597.182.camel@deadeye.wl.decadent.org.uk> Sender: linux-kernel-owner@vger.kernel.org List-ID: On Sun, Jul 08, 2012 at 02:06:46AM +0100, Ben Hutchings wrote: > > Surely the number of random bytes being added is i * sizeof(long), not > sizeof(u.hwrand)? > Meh; Kees Cook has made the same observation. Basically, in the unlikely case where RDRAND fails, we'll end up mixing in stack garbage. It's not a security vulnerability, since the contents of the entropy pool never gets exposed. In fact, one could argue that mixing in some unknown garbage from the kernel stack might actually help a little; but it can't hurt. - Ted